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CLAIMS _ _ - - 

1- A method in an IP network, the network including a switch 
node (5), at least one DHCP server (4, 4a, 4b) and at least 
one subscriber (6) being associated with the node^ the 
5 method including the following steps: 

- creating a list (LI) of trusted ones of the DHCP servers; 

- transmitting by the subscriber (6) a DHCP request message 
(M3) for an IP address; 

- receiving a reply message (M4), which carries an assigned 
10 subscriber IP address (IPl) ; 

- analysing (510, 808,(8)) the reply message to be a DHCP 
message and having a source address (IP4) from one of the 
trusted DHCP servers (4); 

- updating (513,812,(10)) a filter (9, TABl) dynamically in 
15 the node (5)^ the filter storing an identification 

(MACl,Pi,VLANl) of the subscriber (6) and the assigned 
subscriber IP address (IPl) ; 

- transmitting a frame (FRl) from the subscriber (6) using a 
source IP address (IPX) ; 

20 - comparing in the filter (9, TABl) said source IP address 
with the stored subscriber IP address (IPl) ; 

- discarding said frame when said source IP address (IPX) 
differs from the stored subscriber IP address (IPl) . 

2. A method in an IP network according to claim 1, the 
25 method including storing in the* filter (9, TABl) a subscriber 
MAC address (MACl) , a subscriber physical port number (PI), 
a subscriber virtual LAN identity (VLANl) and a lease time 
interval (Tl) for the assigned siibscriber IP address (IPl) . 
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3. A method in an IP network according to claim 1, the 
subscriber IP address being statically assigned and handled 
by the DHCP servers (4, 4a/ 4b). 



5 4. A method in an IP network according to claim 2, the 
method including deleting the subscriber identification 
(MACl, PI, VLANl) and the corresponding assigned subscriber IP 
address (IPl) from the filter (9,TAB1) when the lease time 
interval (Tl) is out. 

10 

5. A method in an IP network according to claim 1, 2, 3 or 
4, the method including: 

counting a number of attempts (n) from the subscriber (6A) 
to use an illegitimate IP address; 

15 - comparing (9, CI) the number (n) of the attempts with a 
threshold niomber (N) ; 

- sending a warning signal (Wl) when the number of attempts 
(n=ll) exceeds a threshold {N=10) criteria. 



20 6. A device in an IP network, the device (5) including: 

- at least one port {P1,P2,P3) for a subscriber (6,6A); 

- an uplink port (PN) for DHCP servers in the network (1) ; 
and 

- a filter device (9) having a list (LI) over trusted ones 
25 of the DHCP servers (4, 4a, 4b), the filter device (9) being 

associated with the ports (P1,P2,P3; PN) , 

wherein 
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- the device (5) is arranged to receive a subscriber IP 
address request message (M3) on the subscriber port (PI), 
analyse it to be a DHCP message and transmit it on the 
uplink port (PN) ; 

5 - the device (5) is arranged to receive a reply message (M4) 
on the uplink port (PN) , analyse it to be a DHCP message 
and to have a source IP address (IP4) from one of the 
trusted DHCP servers on the list (LI) ; 

- the device (5) is arranged to dynamically update the 
10 filter (9,TAB1) with an identification of the subscriber 

(6) and a corresponding assigned subscriber IP address 
(IPl) in the reply message (M4) ; 

- the device is arranged to receive a frame (FRl) with a 
source IP address (IPX) on the subscriber port (P2); 

15 - the device is arranged to compare in the filter (9,TAB1) 
said source IP address (IPX) with the stored subscriber IP 
address (IPl) ; and 

the device is arranged to discard said frame (FRl) when 
said source IP address (IPX) differs from the stored 
20 subscriber IP address (IPl) . 



7. A device in an IP network according to claim 6, the 
device being arranged to store in the filter (9,TAB1) a 
subscriber MAC address (MACl) , a subscriber physical port 
25 number (PI), a subscriber virtual LAN identity (VLANl) and a 
lease time interval (Tl) for the assigned subscriber IP 
address (IPl) . 
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8. A device in an IP network" according to cladLm 6, the 
- _ - subscriber IP address being a statically assigned address 
which is handled by the DHCP servers (4,4a,4b), 



5 9. A device in an IP network according to claim 7, the 
device (5) being arranged to delete the subscriber 
identification (MACl, PI, VLANl) and the corresponding 
assigned subscriber IP address (IPl) from the filter 
(9,TAB1) when the lease time interval (Tl) is out. 

10 

10- A device in an IP network according to claim 6, 1, 8 or 
9, the filter (9) having a counter (CI) being arranged to 
count a number (n) of discarded frames (FRl) on the 
subscriber port (P2) , to compare (9, CI) the number (n) of 
15 the discarded frames with a threshold nimber (N) and to send 
a warning signal (Wl) when the number of discarded frames 
(n=ll) exceeds a threshold criterion (N=10) . 



AMENDED SEDEET 



